From: "Gerd Hoffmann" <kraxel@redhat.com>
To: "Xu, Min M" <min.m.xu@intel.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Aktas, Erdem" <erdemaktas@google.com>,
James Bottomley <jejb@linux.ibm.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Michael Roth <michael.roth@amd.com>
Subject: Re: [edk2-devel] [PATCH V1 1/7] OvmfPkg: Add Tdx measurement data structure in WorkArea
Date: Wed, 18 Jan 2023 09:04:43 +0100 [thread overview]
Message-ID: <20230118080443.i2h6lgwzgthr54aj@sirius.home.kraxel.org> (raw)
In-Reply-To: <PH0PR11MB5064B3E67788DFDF533FA684C5C79@PH0PR11MB5064.namprd11.prod.outlook.com>
On Wed, Jan 18, 2023 at 01:41:15AM +0000, Xu, Min M wrote:
> On January 17, 2023 7:26 PM, Gerd Hoffmann wrote:
> > So the measurement is done early and the hashes are stored to create the
> > event log entries later, correct?
> Yes.
> >
> > Why both TdHob and CFV are handled this way? It should be needed for
> > TdHob only, right? The work area has a fixed size, IMHO we should not store
> > data there unless we absolutely have to, and for CFV I don't see the
> > justification.
> In our first design CFV was measured and extended in PEI phase. Because CFV is consumed in PlatformInitEmuVariableNvStore.
> But then we find a problem. That we must either refactor the HashLibBaseCryptoRouterPei or introduce a new HashLib in PEI phase.
> 1) If HashLibBaseCryptoRouterPei is to be refactored to support tdx-measurement, then it must detect the tdx-guest in run-time so that it can determine to call Tpm2PcrExtend or call TdxExtendRtmr.
> 2) If we import a new HashLib in PEI phase, we are facing another problem, that we have to load either the new HashLib or HashLibBaseCryptoRouterPei in run-time.
So, in short, we don't have support for TDX measurements in PEI, so you
are doing it in SEC instead. Can you note that in the commit message?
thanks,
Gerd
next prev parent reply other threads:[~2023-01-18 8:04 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-17 7:40 [PATCH V1 0/7] Enable Tdx measurement in OvmfPkgX64 Min Xu
2023-01-17 7:40 ` [PATCH V1 1/7] OvmfPkg: Add Tdx measurement data structure in WorkArea Min Xu
2023-01-17 11:25 ` Gerd Hoffmann
2023-01-18 1:41 ` [edk2-devel] " Min Xu
2023-01-18 8:04 ` Gerd Hoffmann [this message]
2023-01-18 8:09 ` Min Xu
2023-01-17 7:40 ` [PATCH V1 2/7] OvmfPkg/IntelTdx: Add TdxHelperLib Min Xu
2023-01-17 7:40 ` [PATCH V1 3/7] OvmfPkg/PeilessStartupLib: Build GuidHob for Tdx measurements Min Xu
2023-01-17 7:40 ` [PATCH V1 4/7] OvmfPkg/IntelTdx: Update tdx measurement in SEC phase Min Xu
2023-01-17 7:40 ` [PATCH V1 5/7] OvmfPkg: Enable Tdx measurement in OvmfPkgX64 Min Xu
2023-01-17 11:28 ` Gerd Hoffmann
2023-01-17 7:40 ` [PATCH V1 6/7] OvmfPkg/PlatformInitLib: Delete the ProcessTdxHobList() Min Xu
2023-01-17 7:40 ` [PATCH V1 7/7] OvmfPkg/PlatformPei: Build GuidHob for Tdx measurement Min Xu
2023-01-17 11:22 ` [PATCH V1 0/7] Enable Tdx measurement in OvmfPkgX64 Gerd Hoffmann
2023-01-17 13:09 ` Min Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230118080443.i2h6lgwzgthr54aj@sirius.home.kraxel.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox